DavidSortOf

Well, my hosting service did a security scan and it turns out I wasn’t hacked. This is what I suspected, because aside from this, there was nothing amiss on that site.

I’m just very baffled as to how that code ended up in Semalt Blocker’s settings panel, after fresh installs, repeatedly. The fix above (Post 22?) worked, but I’d be so interested in learning how this may have happened.

So if any experts happen upon this thread, I’d be grateful for any insight!

Alex, could it be that WP was caching something somewhere, related to this plug-in, so the code kept on being carried over, added to the class-admin file when the plug-in’s zip file was decompressed? And that now that I’ve deleted this code, all is well?

Hi Jan —

Please do not post duplicate topics in these forums

Noted!

And thanks for digging in!

No, nothing is changed on activation on my side, either; when I install the plug-in via WP, and look at the file using FTP, before activation, it contains that code.

Ok so I could be hacked. That there could be some kind of malware in there, triggering this code. How would I know for sure? Could there be any other explanation? If I have to conclude I’ve been hacked, what would be my next step?

I had marked this as resolved because now, I can log in with the plug-in activated, which was the original problem on this thread. It seems to me that the hack question would be another topic, and beyond the forum for this plug-in, correct?

Well, THAT was interesting! : )

Alex, I looked at the Semalt Blocker settings panel for the site that was (yes, that’s WAS) having problems, and in the Domains to Block field, it contained this:

<br />
<b>Notice</b>:  Undefined index: domains in <b>/home/[username]/[site].com/wp-content/plugins/semalt/class-admin.php</b> on line <b>77</b><br />

Then I looked at the settings panel for the site that didn’t have the problem, and it was blank.

So, I deleted said code above from the site where it wasn’t working, and boom; problem solved! : )

My only question now is, how/why did that code get there? This was a fresh install, and I never modified that field. Why would that happen, and only on that site? Perhaps there is still something “odd” in the setup of this site, and it would be great to really know what was going on.

Any ideas, Alex?

Hi Alex — Re: “undefined indexes,” I found this.

How might I experiement with that, to see if it solves my problem?

In semalt.php, lines 54 and 55, it says

$domain  = $_SERVER['SERVER_NAME'];
foreach(explode("\n", $options['domains']) as $line) {

Does it seem reasonable to tweak “domains” with isset? If so how would one do that? Confused about (many things, including) “domains” vs “domain,” and what exactly is the variable here. ; )

Thanks,

David

Hosting service says both sites are identical, including their “output buffering settings.”

So, it’s just very strange: works on one site but not another. Very baffled by this, so I went back to Googling it, and I found someplace that said, essentially, “focus on the first error, and chances are, it will take care of the subsequent ones.”

So the first error always seems to be

Notice: Undefined index: domains in /home/[username]/[site].com/wp-content/plugins/semalt/semalt.php on line 55

And the heart of this, I think, is the string “domains.” Just out of curiosity, I deleted the “s” and I got the same error, but with the word “domain.” So clearly the string “domains” is causing a problem. But only, I think so far, for me, and only on this one site.

Again this is way over my head, but it seems crackable, since it works on my other site and for everyone else.

Any ideas as to why this might be happening?

I know, it’s pretty frustrating, and it’s likely that it’s on my end since it seems to be only this one site, even though, oddly, it happens only with this plug-in, and only after an update.

This link covers the issue pretty thoroughly, I think: https://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php

I suppose it’s possible that the sites are on different servers, and that they have different “output buffering php.ini settings,” as the top-voted responder on that thread suggests.

This is all over my head, and both sites are hosted, so I have a message out to my hosting service. I’ll chime back if I learn anything.

Nope, no caching plug-ins. I also tried deactivating the other plug-ins, but that didn’t work.

Also, just in case this info helps anyone, per our conversation over email, I deleted the blank line in semalt.php, and that didn’t work either.

Weird that it only happens with one of my websites similarly configured, and specifically with the Semalt Blocker update of around last Thursday.

Yep, sitting side-by-side on the same server, and both on WP 4.1.1.

But, switching to the Twenty Thirteen theme on my other site doesn’t create the problem. : (

Sadly, though the Google Redirect Issue seems to be fixed on one of my sites, this issue, which I’m having one one site, is worse with the 1.1.3 update:

Now, I get a whole string of similar messages when I log off of WordPress, and when I load the log-on page, I get this:

Notice: Undefined index: domains in /home/[username]/[site].com/wp-content/plugins/semalt/semalt.php on line 55

Warning: Cannot modify header information - headers already sent by (output started at /home/[username]/[site].com/wp-content/plugins/semalt/semalt.php:55) in /home/[username]/[site].com/wp-login.php on line 424

Warning: Cannot modify header information - headers already sent by (output started at /home/[username]/[site].com/wp-content/plugins/semalt/semalt.php:55) in /home/[username]/[site].com/wp-login.php on line 437

Warning: Cannot modify header information - headers already sent by (output started at /home/[username]/[site].com/wp-content/plugins/semalt/semalt.php:55) in /home/[username]/[site].com/wp-includes/pluggable.php on line 918

Warning: Cannot modify header information - headers already sent by (output started at /home/[username]/[site].com/wp-content/plugins/semalt/semalt.php:55) in /home/[username]/[site].com/wp-includes/pluggable.php on line 919

Warning: Cannot modify header information - headers already sent by (output started at /home/[username]/[site].com/wp-content/plugins/semalt/semalt.php:55) in /home/[username]/[site].com/wp-includes/pluggable.php on line 920
[Site Name]

Worse, when I attempt to log on, I get this:

ERROR: Cookies are blocked due to unexpected output. For help, please see this documentation or try the support forums.

And I cannot log in.

The main difference between the two sites is that this one uses the Twenty Thirteen theme.

Thanks,

David

Works for me! : ) Thank you!

Hi Alex! I have to say I’m really surprised that you can’t replicate this. Maybe it has to do with the kind of link, etc.

Can you post the url of a site that has the plug-in enabled? I’ll link to it in the same way that I did when I got the error, using a test site that I’ll post, and we can see if we can replicate it.

Thanks,

David

Done. And yes, I’m using v1.1.2.

Thanks,

David

Confirmed that I have this bug too, and deactivating solves the problem:

Activate the plug-in at “Site A.”
Create content on “Site B” that links to a page on “Site A.”
Click on that link on Site B, and it will go to Google, not Site A.

Thanks,

David